Greenbelt man ran global 'spearphishing' email scam, nets millions

The scams reached from Greenbelt, College Park and Bowie to South Africa, West Africa and Europe.

Author:
Scott Broom

Published:
1:40 PM EDT April 3, 2019

Updated:
6:02 PM EDT April 3, 2019

GREENBELT, Md. — A 24-year-old Greenbelt man by the name of "Albanky" drove a Bentley Continental, a Porsche and a Land Rover. He made a hip-hop video documenting his life as a club denizen in D.C. area nightspots and claimed to run a media production business.

In reality, the man -- with roots in Cameroon -- identified as Aldrin Fon Fomukong, and a crew of collaborators, helped run a destructive series of email frauds that netted them millions and pushed innocent victims to the brink of financial ruin. The collaborators reached from Greenbelt, College Park and Bowie, to South Africa, West Africa and Europe.

"Between February 2016 and in or about July 2017, Fomukong and his co-conspirators gained access to email accounts associated with the victims and sent false wiring instructions, causing the victims’ financial institutions to wire millions of dollars into drop accounts set up by the defendants,” the Maryland District of the U.S. Attorney’s office announced in a written statement in 2018.

Court documents outline an operation backed by a skilled group of South Africa-based hackers who are experts in a common and dangerous online fraud tactic called “spearfishing."

The tactic involves breaking into email accounts by baiting users to click into convincing-looking links that secretly download coded instructions that allow the hackers to monitor the mail, collect critical information and then launch a highly-targeted, convincing fraudulent attack.

But the collaborators overseas needed a crew in the U.S. to set up legitimate-looking accounts to launder and send stolen money offshore quickly.

That’s where Fomukong and his collaborators in the U.S. came in.

They'd even travel to banks in Texas and Louisiana to withdraw cash and cashiers checks in person, before the fraud could be detected and stopped.

One collaborator, 23-year-old Carlson Cho, who was known as “Uncle Tiga2,” of Braintree, Massachusetts was especially crucial. Cho, also with Cameroonian roots, posted photos of himself in a U.S. Marine uniform.

He was also a young Bank of America employee.

“Cho’s conduct was especially egregious," prosecutors wrote in a recently filed sentencing memorandum. "He was a Bank of America employee, a position which allowed him to fraudulently authorize large wire transactions to launder (or attempt to launder) victim funds to bank accounts outside the United States, including South Africa, Cameroon, the Czech Republic and Poland."

"Cho laundered over $1 million of victim funds out of the country using his position as a Bank of America employee and caused an intended loss to Victims C, D, L and M of over $3.3 million," prosecutors said.

The schemes cost 13 victims across the U.S. a combined $4.2 million. Victims are only identified by letters in court documents.

The victims included a couple who were first time homebuyers who thought they were wiring a down payment into escrow according to the instructions of scammers posing as the couple's trusted real estate broker.

Another victim was an Afghan war refugee who had helped American forces to earn his way to the U.S. He'd started a real estate rehab business, and lost 90 percent of his savings.

The scammers managed to get more than $300,000 transferred to Fomukong mother, who lives in Cameroon.

Prosecutors wrote how individual and business email accounts were phished allowing the scammers to gain access.

"The members then sent false wiring instructions to the victims' email accounts from spoofed email accounts," prosecutors said. "These spoofed email accounts resembled legitimate email accounts for title companies, vendors, and other businesses and individuals from whom the victims were expecting wire instructions."

One example provided a deep look at the vulnerabilities exploited by the attacks.

"Victim F learned that an outside party breached the accounting manager’s email address and added a 'rule' to the mailbox wherein all emails that matched certain criteria would be automatically forwarded to a conspirator’s email account," prosecutors said.

"Additionally, the true emails would be forwarded to an inbox where they would go unnoticed. The outside party thereafter edited intercepted emails by changing the sender’s email address and bank wire instructions. After the alteration, the fraudulent email was sent to the accounting manager, resulting in the wire transfer of $50,703.00”.

The victim had no idea he’d been robbed until he was called by a client about a wire transfer that was expected but not received.

Often the group of young scammers in the U.S. would set up small companies that appeared to be vendors or real estate concerns with legitimate bank accounts, which they could clean out and send overseas in a matter of hours.